[RADIATOR] <AuthLog SYSLOG> on Windows Server ?

Mueller, Jason C jason-mueller at uiowa.edu
Fri Nov 1 13:58:58 CDT 2013 

Heikki,

I created a Perl script independent of Radiator that called Sys::Syslog and sent a message to the remote host. That worked using UDP.

Here are the stanzas I created in the Radiator config file:

<Log SYSLOG>
	Identifier syslog
	LogSock udp
	LogHost IP_ADDRESS_OF_REMOTE_HOST
	Facility local5
</Log>

<AuthLog SYSLOG>
	Identifier authsyslog
	LogSock udp
	LogHost IP_ADDRESS_OF_REMOTE_HOST
	Facility local5
	SuccessFormat %H:%M:%S | %{Calling-Station-Id} | %u | OK | NAS-IP %N
	FailureFormat %H:%M:%S | %{Calling-Station-Id} | %u | FAIL: %1 | NAS-IP %N
</AuthLog>

As Neil indicated, the inet option did not work. I really don’t want to use the “inet” option, since it tries TCP first, and we are not using TCP. The RADIUS servers are under relatively heavy load, so I do not want to consume the time or cycles sending a message with no possible means of success in a single threaded application.

I did not have the LogSuccess and LogFailure options set in the <AuthLog SYSLOG> clause. I have added those, but no success.

I should note that when I had invalid attributes in the <Log SYSLOG> section that Radiator actually sent information to the syslog server indicating that I had invalid attributes. After they were removed and I restarted, Radiator did not send any logs. I would have expected to get the general log info, but that did not happen.

Any help is appreciated. We might try upgrading Perl and upgrading Radiator (one at a time to see which makes a difference).

-Jason


On Oct 30, 2013, at 8:54 AM, Heikki Vatiainen <hvn at open.com.au> wrote:

> On 10/29/2013 07:56 PM, Johnson, Neil M wrote:
>> Tried the LogSock inet, did not work.
>> 
>> We are running ActiveState PERL 5.12.2 and Sys::Syslog version 0.33
> 
> I tried with ActivePerl 5.14.4 and Sys::Syslog 0.33 using this
> configuration:
> 
> <AuthLog SYSLOG>
> 	Identifier myauthlogger
> 	LogHost 172.16.172.14
> 	LogSock inet
> 	LogSuccess 1
> 	LogFailure 1
> </AuthLog>
> 
> I had tcpdump running on 172.16.172.14 and there was traffic to syslog
> port 514. The configuration was goodies/authlog.cfg modified to use
> SYSLOG as shown above.
> 
> Maybe you could try a simple config to see if it works with something
> very basic?
> 
> I could not try with ActivePerl 5.12.2 since PPM complained about
> requiring authentication to upgrade to 0.33. Seeing how to get this
> solved may take a bit longer, but I thought I'd confirm syslog on
> Windows should work.
> 
> 
> -- 
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.

More information about the radiator mailing list